Here is my contribution to controlling the line bring up problem. The clients I have applied these to ARE NOT using TCP Microsoft Networking, on their local LAN, TCP is only for Internet use, I have always disabled the bindings for Microsoft TCP networking . Hope this may help. ************************ In NT Network: TCP/IP Protocol (Properties): WINS Address Disable DNS for Windows Resolution ************************ <A HREF="http://www.microsoft.com/kb/articles/q137/3/68.htm">http://www.microsoft.com/kb/articles/q137/3/68.htm</A> - - - - -Microsoft's DNS Bug Information Microsoft Knowledge Base How to Disable NetBIOS Name Resolution on DNS Last reviewed: May 1, 1997 Article ID: Q137368 The information in this article applies to: Microsoft Windows 95 IMPORTANT: This article contains information about editing the registry. Before you edit the registry, you should first make a backup copy of the registry files (System.dat and User.dat). Both are hidden files in the Windows folder. SUMMARY This article describes how to disable NetBIOS name resolution on a domain- name system (DNS) while retaining other DNS functionality. MORE INFORMATION When Windows 95 tries to resolve a NetBIOS name using a NetBIOS name server, it first checks a Windows Internet Name Service (WINS) server, and then checks a DNS server. WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows 95. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. NOTE: For information about how to edit the registry, view the Changing Keys And Values online Help topic in Registry Editor (Regedit.exe). Note that you should make a backup copy of the registry files (System.dat and User.dat) before you edit the registry. To disable NetBIOS name resolution on a DNS server, change the string value EnableDNS in the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP from 1 to 0. query words: 95 black hole tcp/ip Keywords : kbnetwork kbusage msnets win95 Version : 95 Platform : WINDOWS </SPAN> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Last reviewed: May 1, 1997 ©1997 Microsoft Corporation. All rights reserved. Legal Notices </MISC/CPYRIGHT.HTM>. ************************ An ascend filter that was passed on to me that may help: START=FILT=200=0 Name=Windows Call In filter 01...Valid=Yes Out filter 01...Valid=Yes Out filter 01...Type=IP Out filter 01...Ip...Protocol=17 Out filter 01...Ip...Src Port Cmp=Eql Out filter 01...Ip...Src Port #=137 Out filter 01...Ip...Dst Port Cmp=Eql Out filter 01...Ip...Dst Port #=137 Out filter 02...Valid=Yes Out filter 02...Type=IP Out filter 02...Ip...Protocol=17 Out filter 02...Ip...Src Port Cmp=Eql Out filter 02...Ip...Src Port #=138 Out filter 02...Ip...Dst Port Cmp=Eql Out filter 02...Ip...Dst Port #=138 Out filter 03...Valid=Yes Out filter 03...Type=IP Out filter 03...Ip...Protocol=17 Out filter 03...Ip...Src Port Cmp=Eql Out filter 03...Ip...Src Port #=139 Out filter 03...Ip...Dst Port Cmp=Eql Out filter 03...Ip...Dst Port #=139 Out filter 04...Valid=Yes Out filter 04...Type=IP Out filter 04...Generic...Forward=Yes Out filter 04...Ip...Forward=Yes END=FILT=200=0 At 10:56 PM 10/7/97 +0100, you wrote: >I just read the FAQ Kevin Smith mentioned for the description of NetBEUI >filters (<A HREF="http://www.ascend.com/faqs/750/786-faq.html">http://www.ascend.com/faqs/750/786-faq.html</A>) and it looks to me >that a long, long thread is going to start again in this list... > >Basically it describes how to filter UDP traffic on ports 137-139. I've >tried that in the past (having a NT 3.51 workstation behind a P50) with >little success. As suggested on this list I even filtered TCP traffic on >these ports with the same effect. Strange, before joining the Ascend >list I always thought that Ethernet traffic in general and binary >matches in particular were deterministic actions, i.e. when I do exactly >what somebody else describes what I have to do to filter some sort of >traffic it would just work. I am not sure anymore ;-> > >Then I used the debug method to determine the packet that causes the >dial-out (debug mode/wdd). It looked like: > >WD_DIALOUT_DISP: chunk 25B6DE type OLD-STYLE-PADDED. >: 44 octets @ 2864A8 > >00 C0 7B 5C DD A7 destination MAC >00 00 C0 D3 9D AD source MAC >08 00 type IP >45 00 00 2C 8B 54 ??? >40 00 1F 06 13 B1 ??? >FF D9 61 12 149.xxx.97.18 <NT host> >FF D9 30 02 149.xxx.48.2 <DNS name server> >06 C8 00 6E 2E CC ??? >4F 59 00 00 ??? > >I couldn't decode it fully but from the addresses I guessed it was a >WINS call to the name server, thus totally legal. >In contrast to the FAQ I think that configuring WINS is not causing >grief for NT users. WINS is comparable to DNS, it's a service you need >on the LAN. If you filter it you'll miss it. Of course, the local NT >machines should be listed in a local LMHOSTS file to reduce this kind of >traffic. > >Still not happy with a call every 10 minutes I searched the MS >website/Knowledge Base for the dialup issue. I found two texts dealing >with NT browser lookups and Domain Controller lookups: > >Information on Browser Operation >Article ID: Q102878 >Revision Date: 24-SEP-1996 > >Browsing & Other Traffic Incur High Costs over ISDN Routers >Article ID: Q134985 >Revision Date: 03-SEP-1996 > >In essence my trouble started when I connected to a NT domain and became >part of it. When I log off NT generates a list of all known domains the >NT workstation is part of and this causes a dial-out. Solution: I don't >log off anymore :-) > >And there are frequent browser updates and such associated with domain >membership as outlined in the first MS article. In the second MS article >I found registry keys which control the frequency of the updates. I >changed them from 10 minutes to 1 day and I can live with it now. > >This "solution" does not impair NT browsing other than the browsing list >sometimes is 1 day old whereas with filtering I would not get any >browsing information. (Besides, filtering did never work for me, either >because I am too dumb to copy Ascend's FAQ or I mix up In and Out...) > >Then somebody suggested using IP only. Of course you can transfer files >with an ftp client, you could mount NFS drives using 3rd party software, >you could even telnet into a NT box with additional software. But, alas, >there is one thing I experienced that will only work with NetBEUI >enabled. Sometimes the remote domain controller won't authenticate me. >For whatever reasons (mumble, mumble, "Your set of permissions do not >match the requested permissions..."), and sure next day it _will_ let me >in. >The workaround is to mount an NT drive in File Manager (via NetBEUI) - - >the only place where NT will ask you for a username and password if it >thinks you are not authorized to come in the easy way. All other silent >logins (via RPC) will not ask but refuse the request. The eventlog for >example. So I keep NetBEUI alive, and sometimes it's only convenient to >mount a drive in File Manager. > >Hope this makes the "NT filtering" thing a bit easier for all of us who >are suffering from MS operating systems. One day MS will give up NetBEUI >altogether in favor of IP and Ascend's users will be happy again. > >Sorry if this post got a bit longer. > >Cheers, > Wolfgang > >_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- _-_- > B E N E I C K E > EDV-Beratung >_____________________________________________________________________ ___ > Netzwerk-Design - 3Com Solution Partner > ISDN Remote Access - ASCEND Vertrieb > DIGITAL PC-Systeme und Server > ApplePoint > Windows NT-Netzwerke > Unix Workstation-Peripherie > >Dr. Wolfgang Beneicke fon +49-6223- 48126 >Fasanenstrasse 16, D-69251 Gaiberg fax +49-6223- 5708 >...near world famous Heidelberg, Germany >_-_-_-_-_s-c_h-n_i-p_p_-_-_-_-_-_-_-_-_-_--_-_-_-_-_-_-_-_z-a_c-k_-_- _-_ >++ Ascend Users Mailing List ++ >To unsubscribe: send unsubscribe to ascend-users-request@bungi.com >To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> > > -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNDvSizFXdCayiTaREQJSygCff947QDrXeYnK4JDyphO7IN808/IAoLA2 /mto0UMAkJ4CdM122MYB/94C =sM2E -----END PGP SIGNATURE----- ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg09539.html">Re: (ASCEND) sigh</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg09538.html">Re: (ASCEND) upgrading - what terminal app?</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg09493.html">Re: (ASCEND) Re: NetBios Filters</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg09497.html">(ASCEND) ok, color me perplexed</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="mail20.html#09545"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd197.html#09545"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>